[Snort-users] postgresql

Bryan Irvine bryan.irvine at ...9066...
Wed Jul 2 16:32:15 EDT 2003


I'm getting close.  I've been trying and trying to get ACID running.

I keep getting this:
PHP ERROR: PHP build incomplete: the prerequisite PostgreSQL support
required to read the alert database was not built into PHP. Please
recompile PHP with the necessary library (--with-pgsql)

Which I have done according to the php install instructions.  I've even
uninstalled apache and php and did it again via urpmi with php-pgsql.

Any ideas?

--Bryan



On Wed, 2003-07-02 at 12:10, Bryan Irvine wrote:
> It's logging to postgres *yay*
> 
> Thank you!
> 
> --Bryan
> 
> 
> On Wed, 2003-07-02 at 11:57, Bryan Irvine wrote:
> > I ran this command (with my variables replaced for yours) and got an
> > error that postgres wasn't even compiled in!! eek! *Do'h!*
> > 
> > I did a recompile --with-postgresql and now it doesn't come back with
> > any errors.  I see these at start time
> > 
> > 
> > #######################
> > database: compiled support for ( postgresql )
> > database: configured to use postgresql
> > database:          user = admin
> > database: password is set
> > database: database name = snort
> > database:          host = monitor.horvitznewspapers.net
> > database:   sensor name = 192.233.103.186
> > database:     sensor id = 1
> > database: schema version = 106
> > database: using the "log" facility
> > #######################
> > 
> > *yay*
> > 
> > I have it running now, I will check back shortly to see if the db is
> > populating.
> > 
> > --Bryan
> > 
> > On Wed, 2003-07-02 at 11:29, Jason K. Boykin wrote:
> > > Im using 
> > > /usr/local/bin/snort -u snort -o -b -l /var/log/snort -d -D -i $INTERFACE -c 
> > > /etc/snort/snort.conf
> > > Although Im logging it to localhost.
> > > 
> > > snort.conf
> > > 
> > > Under alert_syslog: Ive got
> > > output alert_fast: alert
> > > You could specify full here
> > > 
> > > Under database: Im using
> > > output database: alert, postgresql, dbname=snort user=snort password=xxx  
> > > host=localhost port=5432
> > > try changing host to the ip your wanting to log to and the rest of the info 
> > > needs to be correct.
> > > 
> > > Here is a snippet from pg_hba.conf that you will need to modify to allow your 
> > > snort machine to log to the database machine but it sounds like you already 
> > > did this.
> > > # Put your actual configuration here
> > > # ----------------------------------
> > > # This default configuration allows any local user to connect as any
> > > # PostgreSQL username, over either UNIX domain sockets or IP:
> > > local        all                                           trust
> > > host         all         127.0.0.1     255.255.255.255     trust
> > > 
> > > Hope this helps!
> > > 
> > > On Wednesday 02 July 2003 12:36 pm, Bryan Irvine wrote:
> > > > I'm trying to do remote logging with a postgresql db.
> > > >
> > > > I've configured postgres, and can log in remotely, all the tables ahve
> > > > been created (via the create_postgresql script), I can log in run sql
> > > > commands but can't figure out how to get snort to log to it.  I've tried    
> > > > output database: alert, mysql, user=username dbname=snort host=hostname
> > > > output database: log, mysql, user=username dbname=snort host=hostname
> > > > output database: alert, mysql, user=username password=password \
> > > > dbname=snort host=hostname
> > > >
> > > > The snort command I'm running is
> > > >
> > > > snort -i xl1 -A FULL -c /usr/local/share/snort/snort.conf -l
> > > > /var/www/htdocs/snort/xl1
> > > >
> > > > I've tried without the -l option (thinking maybe it can't log to a
> > > > directory and db at the same time) but then I get an error that
> > > > /var/snortsomething doesn't exist.
> > > >
> > > > Any ideas?  This seems like I'm so close...
> > > >
> > > > --Bryan
> > > 
> > > 
> > > 
> > > -------------------------------------------------------
> > > This SF.Net email sponsored by: Free pre-built ASP.NET sites including
> > > Data Reports, E-commerce, Portals, and Forums are available now.
> > > Download today and enter to win an XBOX or Visual Studio .NET.
> > > http://aspnet.click-url.com/go/psa00100006ave/direct;at.asp_061203_01/01
> > > _______________________________________________
> > > Snort-users mailing list
> > > Snort-users at lists.sourceforge.net
> > > Go to this URL to change user options or unsubscribe:
> > > https://lists.sourceforge.net/lists/listinfo/snort-users
> > > Snort-users list archive:
> > > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> > > 
> 
> 
> 
> -------------------------------------------------------
> This SF.Net email sponsored by: Free pre-built ASP.NET sites including
> Data Reports, E-commerce, Portals, and Forums are available now.
> Download today and enter to win an XBOX or Visual Studio .NET.
> http://aspnet.click-url.com/go/psa00100006ave/direct;at.asp_061203_01/01
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 





More information about the Snort-users mailing list